Testing Out Cell-Phone Viruses on a Prius

← Back to Stories (view on slashdot.org)

Testing Out Cell-Phone Viruses on a Prius

Posted by timothy on Monday May 9, 2005 @11:47AM from the deep-underground-in-their-lair dept.

Mikko Hypponen writes "Couple of months ago there were rumours floating around that Bluetooth viruses could infect the on-board computers of some Lexus cars, or at least cause some visible effects on them. We took a Toyota Prius to an underground bunker and tested various Bluetooth mobile phone viruses and assorted Bluetooth attacks against the onboard computer. Results were somewhat surprising. It came as no surprise that we could not infect the car, but the Prius performed in the test even better than expected. No matter what we did the car did not react to the Bluetooth traffic at all. Cabir tried to send itself to the car and the car just did not allow the Bluetooth OBEX transfer to happen. Then, the whole car crashed (but not because of a virus)... Full story with pictures in our weblog."

24 of 196 comments (clear)

Well, that's good... by ackthpt · 2005-05-09 11:49 · Score: 5, Funny

Apart from the car crashing. Maybe a few less pints of Boddington's next time you head for the bunker, eh?

--

A feeling of having made the same mistake before: Deja Foobar
Still At Risk by fembots · 2005-05-09 11:50 · Score: 5, Funny

The article said "After intensive tests for all morning, the battery of the car was running low".

Does that mean that a similar DOS attack can disable most cars in a car park?

--
Rock that crushes, Paper & Scissors that don't matter.
1. Re:Still At Risk by RevDobbs · 2005-05-09 11:59 · Score: 5, Insightful
  
  It's a very interesting idea to DOS a car.
  
  A much easier to execute Denial-of-Service would be to slash the tires, doncha think? Only takes about 45 seconds to get to all four of 'em, it isn't terribly noisy, and I've never been caught doing it.
  
  I mean, it seems like that detection would be very unlikely.
2. Re:Still At Risk by Vellmont · 2005-05-09 12:00 · Score: 5, Funny
  
  Yes. This DOS attack has been known for quite a long time. It's only recently become known outside the hacker community. Some people even accidentally do it to themselves. Among laymen it's called "leaving your lights on".
  
  --
  AccountKiller
3. Re:Still At Risk by Samari711 · 2005-05-09 12:44 · Score: 5, Interesting
  
  a better way to do this is to buy a valve tool at the local auto parts store. rather than do any permenant damage just loosen every tire's stem. Even if the owner could figure out why their tires are flat, they most likely won't have the tool on hand to fix it. even if they have a pump, the tires won't inflate and they'll be very confused. Also note that some car (especially those abominations known as Hummers) have tires that automatically inflate themselves, so doing this to one of them would result in a car with 4 flats and a dead battery :)
  
  --
  I never said I was smart, I just said I was smarter than you
Only works on the Lexus, not the Prius by WillAffleckUW · 2005-05-09 11:51 · Score: 3, Funny

After all, cell phone virii only attack those who pay way too much for a car, without increased efficiency ...

Hmmm, maybe the Matrix is happening ...

--
-- Tigger warning: This post may contain tiggers! --
Re:Serious Question by winkydink · 2005-05-09 11:51 · Score: 4, Informative

RTFA. It wasn't their car. Toyota lent it to them.

--
"I'd rather be a lightning rod than a seismometer." -Ken Kesey
what a shitty error message by RevDobbs · 2005-05-09 11:52 · Score: 5, Insightful

Granted, the transmission may not be working -- but there should be a diagnostic saying "OMFG Battery Voltage Low" first. If you lost your arms in an industrial accident you don't start by telling the doctor that you have a hard time holding pens...
1. Re:what a shitty error message by SagSaw · 2005-05-09 14:27 · Score: 5, Informative
  
  Granted, the transmission may not be working -- but there should be a diagnostic saying "OMFG Battery Voltage Low" first.
  
  IAAAEE (I am an automotive electrical engieer)...
  
  From an automotive safety standpoint, a malfunctioning park interlock system is pretty close to the top of the list of bad things. The part interlock is the system that prevents the an automatic transmission from shifting out of park unless the vehicle key is in the ignition and there is a second input from the driver (typically by pressing the brake). If the park interlock malfunctions, a simple bump of the shifter (or possibly even the vehicle) might cause the car to shift out of park and begin to roll away. Typically, any failure that disables the function of the park interlock is given the highest severity (Severe injury or death occurs without warning) on any type of DFMEA analysis.
  
  By prominitly displaying a warning on the dashboard, this failure drops down a few notches in severity as there is clear warning that a failure has occured and instructions from how to minimize the risk.
  
  As a result, if the Prius is only capable of displaying one fault condition at a time, a fault with the park interlock system is much more important to display than a low battery voltage. That having been said, some sort of indication of a low battery condition would also be a good idea, perhaps via a trouble light on the dashboard or elsewhere.
  
  --
  Come test your mettle in the world of Alter Aeon!
2. Re:what a shitty error message by slacktide · 2005-05-09 17:33 · Score: 4, Funny
  
  Oh my god! It's a Safety Nightmare! It's also the exactly how every manual transmission car on the road works, and we don't see endless parades of them rolling down the hill, do we?
In other news... by Bifurcati · 2005-05-09 11:55 · Score: 4, Funny

Two bodies were found dead on the side of the road, apparently flung from a speeding vehicle. Satellite tracking followed the car as it drove itself, without driver, to a house in suburban San Diego. Police arrested 14 year old Neville Splink as he prepared to climb into the drivers seat with a modded Bluetooth enabled Playstation 2 running Linux and a copy of Gran Turismo 4. Neville could not be reached for comment, but sources say he couldn't believe how lucky he was that some idiots deliberately loaded his virus into their car. He had been expecting to have to take over their minds with their mobile phones first.
Police have warned all families with nerdy children to be on the look out for unexplained cars turning up in their garage.

--

Physicist, consultant, science communicator
Virus that pummels users into submission by G4from128k · 2005-05-09 12:00 · Score: 5, Insightful

TFA, further down the page, describes the user experience of a Cabir infection. The recipient must click "yes" a number of times to accept the unknown transmission, install the unknown file, and bypass a security warning about installing something from an unverified supplier. Why do people click "yes" to all this? Because if you click "No" the virus keeps trying to install itself and pester you with the messages.

Definitely reminds me of "Abort/Retry/Fail" error message of so long ago. The first time you ever see the message, you hit "retry" a few times hoping it will work. Eventually, the computer teaches you to never try "retry" because it only puts up the error message again.

This virus is social engineering at its best, just like the whiny kid in the grocery store. Keep pestering until they say "yes."

--
Two wrongs don't make a right, but three lefts do.
1. Re:Virus that pummels users into submission by AdamWeeden · 2005-05-09 13:50 · Score: 3, Insightful
  
  This virus is social engineering at its best, just like the whiny kid in the grocery store. Keep pestering until they say "yes."
  
  Except that you can't take the virus to the frozen foods aisle and beat it with a loaf of frozen bread to get it to shut up. :)
  
  --
  I was quoted out of context in my autobiography...
Not Suprising, But still interesting by Xeroc · 2005-05-09 12:01 · Score: 3, Interesting

After all, the cell phones use Symbian OS, and the Prius (and Lexus) both do not use it, so it isn't very suprising that the virus wouldn't work. After all, you don't hear very often that a MS-Windows virus infects a Macintosh.

Also, I liked the apparent security features in the car, that it didn't react to the bluetooth traffic, but then again, this is probably just due to an inconpatiblility - i.e. the car won't except any type of data but a specific type, like a valid VCARD phone book.

--
"Real programmers don't comment their code. If it was hard to write it should be hard to understand."
Re:Serious Question by douglips · 2005-05-09 12:03 · Score: 3, Interesting

You do realize that these people (F-Secure) are virus fighters? They intentionally infect all kinds of things all day long, so they can figure out how to cure them.

--
My amazing wife - Artist, Author, Philosopher - Laurie M
Crazy by XFilesFMDS1013 · 2005-05-09 12:06 · Score: 5, Interesting

Reading the article, they're talking about going undergound in order to not effect any other cellphones in the area, and it stuck me as to how much is the same between a computer virus and a "physical" virus. I mean, scientists who work with e.g. bubonic plague, have to take the same cautions, i.e. not letting the virus out into the "wild", where it can spread. I suppose in a few years, many viruses will be tested like this, taking them into a underground bunker, putting them on a computer that has absolutly no connection to the outside world, and trying to find a cure for it. Then the geeks shall hold the true power.
Rebooting the car... by gambit3 · 2005-05-09 12:11 · Score: 4, Funny

Does anyone else feel disturbed by that statement?

We waited hesistantly a moment, turned ignition off and rebooted the car...

--
Watch the Teaser Trailer for "The Lightning Thief" Her
1. Re:Rebooting the car... by taniwha · 2005-05-09 12:53 · Score: 4, Interesting
  
  well given that the Prius doesn't have a traditional key, just a key-fob that identofies you and an 'on' button it is a lot like rebooting a PC - to be fair they probably didn't push 'reset' (there isn't one) just turned it off then on again
Funny, the same thing happened... by ctl4u · 2005-05-09 12:19 · Score: 5, Funny

With my 1979 Toyota Camry no matter what bluetooth signals I sent there was no response. Needless to say, I was shocked!
KITT by thanjee · 2005-05-09 12:26 · Score: 4, Funny

Did KITT ever get a virus?

If he ever got sick it would have been that he was just sick of having David Hasselhoff hanging around all the time.

--
Saying your OS is the best because more people use it is like saying MacDonalds make the best food
The item I liked ... by jc42 · 2005-05-09 13:01 · Score: 3, Funny

... was the story from the guy whose cell phone caught the cabir virus, and his phone company's solution was to throw it away and buy a new phone.

Now I'm going to be expecting to hear that Microsoft has adopted this approach (and PHBs are ordering their people to do it) ...

--
Those who do study history are doomed to stand helplessly by while everyone else repeats it.
Not terribly meaningful by subStance · 2005-05-09 13:15 · Score: 4, Interesting

I'm no professional scientist, but it was my understanding that in order to prove something was not true, you have to demonstrate why it can never happen, not that it doesn't happen on a single car that you test it on.

There must be hundreds of different versions of the car's software that have varying levels of resilience to the virus.

I can't wait to see the follow up ... "Why Windows never crashes: we tested and it didn't so it never crashes okay ?" No trouble getting funding for that study from Redmond.

--
Servlet v2.4 container in a single 161KB jar file ? Try Winstone
Dumb and dumber... by ArrayIndexOutOfBound · 2005-05-09 13:15 · Score: 4, Funny

This is really good, you guys are killing me.

Trying to infect Prius with a Symbian "virus" is like trying to infect a tree with a choc chip cookie . Hey I can come up with a better one - it's like trying to infect shampoo with a book on eating disorders (now go picture that in your head for a second).

I won't go into debunking this as I have already done that (http://slashdot.org/comments.pl?sid=137390&cid=11 486620).

But this is so sweet - it takes one dumb kid with too much time on their hands and one even dumber kid to moderate at voila! you get slashdot "news".

Don't you love it!
1. Re:Dumb and dumber... by thegrassyknowl · 2005-05-09 14:56 · Score: 4, Insightful
  
  Trying to infect Prius with a Symbian "virus" is like trying to infect a tree with a choc chip cookie . Hey I can come up with a better one - it's like trying to infect shampoo with a book on eating disorders (now go picture that in your head for a second).
  
  A lot of these embedded machines run Java-based software now. If it can run Java it doesn't matter what OS is underneath it. Sure, the JVM and the OS may have differing levels of protection depending on the device, but as I said... Java is the key.
  
  From what I understand (from my limited reading becuase I don't really give a flying fuck... nothing I own has Bluetooth for a very good reason) these cellphone virii rely on the Java compatibility to work.
  
  From the site:
  
  In February we published an official statement from Toyota that Lexus does not use Symbian OS, and thus cannot be infected by any of the Cabir variants.
  
  However a mobile worm infecting a car is a thought that one cannot let go easily, and even as we knew that the car cannot be infected, this was something that just had to be tested for real.
  
  So they already knew it isn't possible to infect the car. That much is clear. Now, Toyota could have lied about the OS it runs, and the car may have been vulnerable. You never know for sure until you try these things.
  
  It was still an interesting experiment because they discovered a few flaws in the Toyota Bluetooth system - the corrupted phone name that froze the display and the flat battery wasn't properly handled by the system.
  
  So, saying this was a stupid experiment is really stupid in itself.
  
  --
  I drink to make other people interesting!